CVE-2025-36603

Medium CVSS 4.2

Overview

Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

CWE: CWE-611 Published: 2025-07-21T17:15:36.747

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.2 (MEDIUM)
Detected tags: info_leak, xxe (tag impact: MODERATE)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Disable external entities in XML parsers; use safe libraries.

Overview

Recommended tools

Tags